NIST tries to calm 5G, network edge security worries

A cybersecurity group within the National Institute of Standards and Technology (NIST) is building the case that 5G is secure enough for edge and Internet of Things deployments.

A proposed NIST cybersecurity practice guide is being compiled to allay security concerns, particularly those circulating in the health care, finance, utilities, automotive, and communications industries.

Worries are not unfounded. There are security problems inherent in 5G infrastructure. Business leaders comparing software-defined, virtualized 5G to the hardware-centric nature of LTE standards are not entirely convinced 5G is better.

So, NIST’s National Cybersecurity Center of Excellence is collaborating with U.S. industries on a detailed guide showing “5G’s robust security features.” The center last month described how its staff and experts in the field will create the practice guide.

Chief among the group’s tasks is identifying 5G use cases. Each use case is expected to come with its own examples of ways to “strengthen the 5G architecture components to mitigate identified risks” and address relevant compliance requirements. The project is also expected to detail 5G’s own cybersecurity features.

But those positives have risks, too. The company said that the way data is routed on 5G networks, for example, can invite mobile network mapping. In such an attack, devices on the network can be identified, mapped, and associated with a specific person.

The NIST group is aiming to help companies minimize risk by leveraging core components including:

– Commodity hardware with trust capabilities, such as Trusted Computing Modules, which are hardware dedicated specifically to encryption.

– Isolation and policy enforcement that ensure workloads “can be restricted to run only on trusted hardware that meets specific asset policies.”

– Visibility and compliance mechanisms that enable continuous enforcement of policies over the lifecycle of workloads.

The end result will be a document that shows how security risks can be mitigated through the use of standards-based and open-source technologies. NIST envisions companies that are buying and building 5G networks using the guide as a checklist of sorts.